Show filters
8 Total Results
Displaying 1-8 of 8
Sort by:
Attacker Value
Very High

CVE-2021-44529

Disclosure Date: December 08, 2021 (last updated October 07, 2023)
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2024-11773

Disclosure Date: December 10, 2024 (last updated January 18, 2025)
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-11772

Disclosure Date: December 10, 2024 (last updated January 18, 2025)
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-11639

Disclosure Date: December 10, 2024 (last updated January 18, 2025)
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-9381

Disclosure Date: October 08, 2024 (last updated October 17, 2024)
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-9380

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-9379

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-8963

Disclosure Date: September 19, 2024 (last updated September 21, 2024)
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0